DS 511 Step 8 for MS comment (002).docx

7 December 2020

IAEA SAFETY STANDARDS for protecting people and the environment

Use of a Graded Approach in

the Application of the Safety Requirements for

Research Reactors

DS511

DRAFT SPECIFIC SAFETY GUIDE

A revision of Safety Guide SSG-22

Step 8

For submission to MS for comments

2

CONTENTS

1. INTRODUCTION.........................................................................................................4

BACKGROUND ..........................................................................................................4

OBJECTIVE ................................................................................................................5

SCOPE ........................................................................................................................5

STRUCTURE...............................................................................................................6

2. BASIC ELEMENTS OF A GRADED APPROACH FOR RESEARCH REACTORS..............6

GENERAL CONSIDERATIONS OF A GRADED APPROACH .........................................6

DESCRIPTION OF THE USE OF A GRADED APPROACH IN THE APPLICATION OF

SAFETY REQUIREMENTS ..........................................................................................7

3. USE OF A GRADED APPROACH IN THE REGULATORY SUPERVISION OF RESEARCH REACTORS ............................................................................................ 10

THE USE OF A GRADED APPROACH IN THE LEGAL AND REGULATORY

INFRASTRUCTURE .................................................................................................. 10

THE USE OF A GRADED APPROACH IN THE ORGANIZATION AND FUNCTIONS OF

THE REGULATORY BODY ....................................................................................... 11

THE USE OF A GRADED APPROACH IN THE AUTHORIZATION PROCESS............... 12

THE USE OF A GRADED APPROACH IN INSPECTION AND ENFORCEMENT............ 14

4. USE OF A GRADED APPROACH IN THE MANAGEMENT AND VERIFICATION OF SAFETY OF RESEARCH REACTORS ......................................................................... 15

RESPONSIBILITIES IN THE MANAGEMENT FOR SAFETY ....................................... 15

SAFETY POLICY ...................................................................................................... 16

THE USE OF A GRADED APPROACH IN THE APPLICATION OF THE REQUIREMENTS

FOR THE MANAGEMENT SYSTEM .......................................................................... 16

THE USE OF A GRADED APPROACH IN THE APPLICATION OF THE REQUIREMENT

FOR VERIFICATION OF SAFETY .............................................................................. 17

5. THE USE OF A GRADED APPROACH IN SITE EVALUATION FOR RESEARCH REACTORS............................................................................................................... 19

6. THE USE OF A GRADED APPROACH IN THE DESIGN OF RESEARCH REACTORS ... 21

THE USE OF A GRADED APPROACH IN PRINCIPAL TECHNICAL REQUIREMENTS . 22

THE USE OF A GRADED APPROACH IN GENERAL REQUIREMENTS FOR DESIGN .. 26

THE USE OF A GRADED APPROACH IN SPECIFIC REQUIREMENTS FOR DESIGN ... 42

THE USE OF A GRADED APPROACH IN INSTRUMENTATION AND CONTROL

SYSTEMS ................................................................................................................. 46

3

THE USE OF A GRADED APPROACH IN SUPPORTING SYSTEMS AND AUXILIARY

SYSTEMS ................................................................................................................. 52

7. THE USE OF A GRADED APPROACH IN THE OPERATION OF RESEARCH REACTORS................................................................................................................................. 55

THE USE OF A GRADED APPROACH IN ORGANIZATIONAL PROVISIONS .............. 55

OPERATIONAL LIMITS AND CONDITIONS .............................................................. 59

PERFORMANCE OF SAFETY RELATED ACTIVITIES ................................................ 61

THE USE OF A GRADED APPROACH IN COMMISSIONING ...................................... 61

THE USE OF A GRADED APPROACH IN OPERATION ............................................... 62

8. USE OF A GRADED APPROACH IN THE PREPARATION FOR DECOMMISSIONING OF RESEARCH REACTORS ............................................................................................ 75

9. USE OF A GRADED APPROACH TO THE INTERFACES BETWEEN SAFETY AND SECURITY FOR RESEARCH REACTORS................................................................... 76

REFERENCES .................................................................................................................... 78

CONTRIBUTORS TO DRAFTING AND REVIEW ................................................................. 81

4

1. INTRODUCTION

BACKGROUND

1.1. This Safety Guide provides recommendations on the use of a graded approach in the application

of the safety requirements for research reactors, including critical and subcritical assemblies, established

in IAEA Safety Standards Series No. SSR-3, Safety of Research Reactors [1].

1.2. For the purpose of this Safety Guide, a graded approach is the application of safety requirements

commensurate with the risks associated with the research reactor. The use of a graded approach is

intended to ensure that the necessary levels of analysis, documentation and actions are commensurate

with, for example, the magnitudes of any radiation hazards, the nature and the particular characteristics

of a facility, and the stage in the lifetime of a facility.

1.3. This Safety Guide was developed together with ten other Safety Guides on the safety of research

reactors:

⎯ IAEA Safety Standards Series No. DS509A, Commissioning of Research Reactors [2];

⎯ IAEA Safety Standards Series No. DS509B, Maintenance, Periodic Testing and Inspection of

Research Reactors [3];

⎯ IAEA Safety Standards Series No. DS509C, Core Management and Fuel Handling for Research

Reactors [4];

⎯ IAEA Safety Standards Series No. DS509D, Operational Limits and Conditions and Operating

Procedures for Research Reactors [5];

⎯ IAEA Safety Standards Series No. DS509E, The Operating Organization and the Recruitment,

Training and Qualification of Personnel for Research Reactors [6];

⎯ IAEA Safety Standards Series No. DS509F, Radiation Protection and Radioactive Waste

Management in the Design and Operation of Research Reactors [7];

⎯ IAEA Safety Standards Series No. DS509G, Ageing Management for Research Reactors [8];

⎯ IAEA Safety Standards Series No. DS509H, Instrumentation and Control Systems and Software

Important to Safety for Research Reactors [9];

⎯ IAEA Safety Standards Series No. DS510A, Safety Assessment of Research Reactors and

Preparation of the Safety Analysis Report [10];

⎯ IAEA Safety Standards Series No. DS510B, Safety in the Utilization and Modification of

Research Reactors [11].

5

1.4. The terms used in this Safety Guide, including the definition of a graded approach, are to be

understood as defined in the IAEA Safety Glossary [12].

1.5. This Safety Guide supersedes the IAEA Safety Standards Series No. SSG-22, Use of a Graded

Approach in the Application of the Safety Requirements for Research Reactors1.

OBJECTIVE

1.6. The Safety Guide provides recommendations on the use of a graded approach in the application

of the safety requirements for research reactors, which are established in SSR-3 [1]. This Safety Guide

is intended for use by regulatory bodies, operating organizations and other organizations involved in the

site evaluation, design, construction, commissioning, operation, and preparation for decommissioning

of research reactors.

SCOPE

1.7. The application of a graded approach to all of the activities throughout the lifetime of a research

reactor (site evaluation, design, construction, commissioning, operation and preparation for

decommissioning) is addressed, including utilization and experiments which are specific features of

research reactor operation. These activities are identified in SSR-3 [1]. A major aspect of this Safety

Guide involves the use of a graded approach in the application of the safety requirements for design and

operation of research reactors, so that the fundamental safety objective (see paras 2.2 and 2.3 of SSR-3

[1]) to protect people and the environment from harmful effects of ionizing radiation is achieved.

1.8. This Safety Guide is primarily intended for use for heterogeneous, thermal spectrum research

reactors having a power rating of up to several tens of megawatts. Research reactors of higher power,

specialized reactors (e.g. homogeneous reactors, fast spectrum reactors) and reactors having specialized

facilities (e.g. hot or cold neutron sources, high pressure and high temperature loops) may need

additional guidance.

1.9. Para 6.18 of SSR-3 [1] states that “The use of a graded approach in the application of the safety

requirements shall not be considered as a means of waiving safety requirements and shall not

compromise safety”. All requirements are applicable to all types of research reactor and cannot be

waived. The recommendations provided in this Safety Guide are on whether and how a graded approach

can be applied to these requirements in SSR-3 [1].

___________________________________________________________________________ 1 INTERNATIONAL ATOMIC ENERGY AGENCY, Use of a Graded Approach in the Application of the Safety

Requirements for Research Reactors, IAEA Safety Standards Series No. SSG-22, IAEA, Vienna (2012).

6

STRUCTURE

1.10. Section 2 provides a description of the basic elements of a graded approach and its application.

The remaining sections provide recommendations on the application of a graded approach to

requirements for regulatory supervision (Section 3); management and verification of safety (Section 4);

site evaluation (Section 5); design (Section 6); operation (Section 7); and preparation for

decommissioning (Section 8). Section 9 discusses Requirement 90 from SSR-3 [1] on the interfaces

between safety and security. Sections 3– 9 have a similar structure to the corresponding sections of SSR-

3 [1].

2. BASIC ELEMENTS OF A GRADED APPROACH FOR RESEARCH

REACTORS

GENERAL CONSIDERATIONS OF A GRADED APPROACH

2.1. The use of a graded approach in the application of the safety requirements for research reactors

in SSR-3 [1[ is valid in all stages of the lifetime of a research reactor (see para.1.7).

2.2. Research reactors are used for special and varied purposes, such as research, training, education,

radioisotope production, neutron radiography and materials testing. These purposes call for different

design features and different operational regimes. Design and operating characteristics of research

reactors may vary significantly, in particular the use of experimental devices may introduce specific

potential hazards. In addition, the need for flexibility in their use requires a different approach to

achieving and managing safety.

2.3. Because of the wide range of designs, operating conditions, radioactive inventories and utilization

activities, the safety requirements for research reactors are not applied to every research reactor in the

same way. For example, the way in which requirements are demonstrated to be met for a multipurpose,

high power research reactor might be very different from the way in which the requirements are

demonstrated to be met for a research reactor with very low power and very low associated radiation

hazard to facility staff, the public and the environment. SSR-3 [1], which applies to a wide range of

research reactors, includes information on the application of the safety requirements in accordance with

a graded approach (see paras 2.15–2.17 of SSR-3 [1]).

7

2.4. During the lifetime of a research reactor, the use of a graded approach in the application of the

safety requirements should be such that safety functions and operational limits and conditions are

preserved, and there are no undue radiation hazards to workers, the public or the environment.

2.5. The use of a graded approach should be based on safety analyses, regulatory requirements and

expert judgement. Expert judgement implies that account is taken of the safety functions of structures,

systems and components (SSCs) and the consequences of the failure to perform these functions and

implies that the judgement is documented and subjected to appropriate review and approval using a

process in the management system. Prescriptive regulatory approaches2, resulting in very detailed

regulatory requirements may restrict the use of a graded approach by the operating organisation on some

of the topics in this Safety Guide. Other elements to be considered when applying a graded approach

are the complexity and the maturity of the technology, operating experience associated with activities

and the stage in the lifetime of the facility.

DESCRIPTION OF THE USE OF A GRADED APPROACH IN THE APPLICATION OF

SAFETY REQUIREMENTS

2.6. The result of the use of a graded approach in the application of safety requirements should be a

decision on the appropriate effort to be expended and appropriate manner of complying with a safety

requirement, in accordance with the characteristics and the potential hazard of the research reactor

2.7. The overall method to determine the graded approach may be quantitative, qualitative or a

combination of both. The graded approach presented in this Safety Guide has two steps. First is the

qualitative categorization of the facility in accordance with its potential hazard (see para. 2.16 of SSR-

3 [1]). Second is consideration of a specific safety requirement from SSR-3 [1], and the quantitative

and/or qualitative analysis of any activities and/or SSCs associated with that requirement.

Step 1: Categorization of the facility in accordance with potential hazards

2.8. Qualitative categorization of the facility should be performed on the basis of the potential

radiological hazard, using a multi-category system, as follows:

(a) Facilities with significant potential for an off-site radiological hazard: such facilities include

research reactors with high operating power, a large radioactive inventory, or high-pressure

experimental devices. These facilities are categorized as a high potential hazard.

___________________________________________________________________________

2 Prescriptive and performance based regulatory approaches are described in para 2.80 of IAEA Safety Standards Series

No. SSG-16 (Rev. 1), Establishing the Safety Infrastructure for a Nuclear Power Programme [13].

8

(b) Facilities with potential for an on-site radiological hazard only: such facilities include research

reactors with operating power up to a few MW, a limited radioactive inventory, or no high-

pressure experimental devices. These facilities are categorized as a medium potential hazard.

(c) Facilities with no potential radiological hazard beyond the research reactor hall and associated

beam tubes or connected experimental facility areas: such facilities include facilities with low

operating power, not requiring heat removal systems, or with a small radioactive inventory. These

facilities are categorized as a low potential hazard.

Section 3 of DS509F [7] provides further guidance on evaluating the radiological hazard of research

reactors.

2.9. Additional characteristics to be considered in deriving the category of the facility in accordance

with its potential hazard are listed in para 2.17 of SSR-3 [1], which states:

“The factors to be considered in deciding whether the application of certain requirements

established here may be graded include:

(a) The reactor power;

(b) The potential source term;

(c) The amount and enrichment of fissile and fissionable material;

(d) Spent fuel elements, high pressure systems, heating systems and the storage of flammable

materials, which may affect the safety of the reactor;

(e) The type of fuel elements;

(f) The type and the mass of moderator, reflector and coolant;

(g) The amount of reactivity that can be introduced and its rate of introduction, reactivity

control, and inherent and additional safety features (including those for preventing

inadvertent criticality);

(h) The design limitations of the containment structure or other means of confinement;

(i) The utilization of the reactor (experimental devices, tests and reactor physics experiments);

(j) The site evaluation, including external hazards associated with the site and the proximity

to population groups;

(k) The ease or difficulty in changing3 the overall configuration.”

On the basis of these characteristics, the application of expert judgement, and consideration of any other

factors that might affect the potential radiological hazard from the facility, a high, medium or low

potential hazard should be identified and used in the analysis in step 2.

___________________________________________________________________________ 3 Modifications and experiments are an important aspect of research reactor design and operat ion. See paras 6.148-6.150 and

7.70 for specific recommendations

9

Step 2: Analysis and Application of a Graded Approach

2.10. Following the categorization of the facility in step 1, an analysis should be performed to determine

the appropriate manner for meeting a specific safety requirement using a graded approach. A safety

requirement may address a specific SSC, or an element of the management system. The safety

significance of each SSC or management system element (including SSCs and management system

elements related to experiments) can be determined through the step 2 analysis. Requirement 16 of SSR-

3 [1] states that “All items important to safety for a research reactor facility shall be identified and shall

be classified on the basis of their safety function and their safety significance”.

2.11. The safety function and safety significance and potential risks of SSCs should be determined by

conducting a safety assessment (see DS510A [10]). When identifying SSCs that are important to safety,

classifying them by their importance to safety, and then considering a graded approach in their design,

para 6.32 of SSR-3 [1] states that “The basis for the safety classification of the structures, systems and

components shall be stated and the design requirements shall be applied in accordance with their safety

classification.” The application of design requirements commensurate with the safety classification of

an SSC is the basis of a graded approach in the design process.

2.12. With regard to analysing the safety significance of elements of the management system, and then

applying grading in meeting management system requirements, Requirement 7 from IAEA Safety

Standards Series No. GSR Part 2, Leadership and Management for Safety [14] states:

“The criteria used to grade the development and application of the management system shall be

documented in the management system. The following shall be taken into account:

(a) The safety significance and complexity of the organization, operation of the facility or

conduct of the activity;

(b) The hazards and the magnitude of the potential impacts (risks) associated with the safety,

health, environmental, security, quality and economic elements of each facility or activity;

(c) The possible consequences for safety if a failure or an unanticipated event occurs or if an

activity is inadequately planned or improperly carried out.”

Paras 2.37–2.40 of IAEA Safety Standards Series No. GS-G-3.1, Application of the Management

System for Facilities and Activities 5] provide recommendations on how elements of the management

system can be assessed, to support a graded approach in the application of management system

requirements.

2.13. The analysis in step 2 to determine how requirements related to SSCs and/or management system

elements are met should consider the overall categorization of the facility from step 1, the safety

significance of the SSC and/or element of the management system which is affected, and therefore the

10

appropriate level of effort needed in meeting the requirement, and the manner in which the requirement

will be met. Expert judgement, from a single expert or a multidisciplinary group as appropriate, may be

included in the analysis.

2.14. Specific recommendations on the use of a graded approach in the application of each safety

requirement are provided in Sections 3–8, including on requirements to which a graded approach cannot

be applied. Examples are given for the graded application of requirements for research reactors with a

high, medium, or low potential hazard.

3. USE OF A GRADED APPROACH IN THE REGULATORY

SUPERVISION OF RESEARCH REACTORS

3.1. The general requirements for the legal and regulatory infrastructure for facilities and activities are

established in IAEA Safety Standards Series No. GSR Part 1 (Rev. 1), Governmental, Legal and

Regulatory Framework for Safety [16], which including requirements on the use of a graded approach

for the responsibilities and functions of the regulatory body. IAEA Safety Standards Series No. GSG-

13, Functions and Processes of the Regulatory Body for Safety [17] provides recommendations on the

core regulatory functions and processes, including the application of a graded approach (see paras 2.8–

2.10 of GSG-13 [17]), to the following:

(a) Regulations and guides;

(b) Notification and Authorization;

(c) Review and assessment of facilities and activities;

(d) Inspection of facilities and activities;

(e) Enforcement;

(f) Emergency preparedness and response;

(g) Communication and consultation with interested parties.

THE USE OF A GRADED APPROACH IN THE LEGAL AND REGULATORY

INFRASTRUCTURE

3.2. The requirements for the legal infrastructure established in GSR Part 1 (Rev. 1) [15]

INTERNATIONAL ATOMIC ENERGY AGENCY, Application of the Management System for

Facilities and Activities, IAEA Safety Standards Series No. GS-G-3.1, IAEA, Vienna (2006).

11

3.3. [1616]. are placed on the government (e.g. for the adoption of legislation that assigns the prime

responsibility for safety to the operating organization and establishes a regulatory body) and on the

regulatory body (e.g. for the establishment of regulations that results in a system of authorization for the

regulatory control of nuclear activities and for the enforcement of the regulations). Regarding the

application of these requirements, para 3.2 of SSR-3 [1] states that “The application of a graded approach

that is commensurate with the potential hazards of the facility is essential and shall be used in the

determination and application of adequate safety requirements.” Specific aspects of the legal and

regulatory framework in a State may affect the extent to which a graded approach can be used.

3.4. In a State where the most hazardous nuclear facility is a single operating research reactor with a

low potential hazard (see para. 0), the implementation of the national policy and strategy for safety may

use a graded approach, with a less comprehensive set of policy mechanisms and internal resources than

in a State with a large and diverse nuclear infrastructure. A graded approach to applying the requirements

for a State’s legal and regulatory infrastructure4 should include an analysis of the radiation risks

associated with facilities and activities and also consider the following provisions that are necessary for

the government to meet the fundamental safety objective:

(a) Human and financial resources;

(b) The type of authorization process;

(c) The provisions for regulatory review;

(d) Appropriate inspection and enforcement regulations;

(e) Communication and consultation with interested parties.

Further detail is provided in Requirements 1 and 2 of GSR Part 1 (Rev. 1) [16].

THE USE OF A GRADED APPROACH IN THE ORGANIZATION AND FUNCTIONS OF

THE REGULATORY BODY

3.5. A graded approach should be applied in establishing the regulatory body and determining aspects

of its organizational framework, based on the potential hazards of all of the facilities and activities under

its supervision or oversight.

The regulatory body is required to be provided with sufficient authority, and a sufficient number

of experienced staff and financial resources to discharge its assigned responsibilities (Requirement 3 of

GSR Part 1 (Rev. 1) [15] INTERNATIONAL ATOMIC ENERGY AGENCY, Application of

the Management System for Facilities and Activities, IAEA Safety Standards Series No. GS-G-

3.1, IAEA, Vienna (2006).

___________________________________________________________________________ 4 Some examples are shown in TECDOC-XXXX, “Application of graded approach in regulating nuclear power plants,

research reactors and fuel cycle facilities”.

12

3.6. [16]). The responsibilities of the regulatory body should include establishing regulations, review

and assessment of safety related information (e.g. from the safety analysis report), issuing

authorizations, performing inspections, taking enforcement actions and providing information to other

competent authorities and the public. External experts, technical support organizations or advisory

committees may assist the regulatory body in these activities.

3.7. Examples of safety requirements for the regulatory body that can be met using a graded approach

are requirements for: staffing; resources for in-house technical support; inspections; the content and

detail of authorizations, regulations and guides; and the detail required from the licensee for submissions

of documentation on the safety of the facility, including the safety analysis report. Areas where the

regulatory body might use a graded approach are identified in IAEA Safety Standards Series GSG-12,

Organization, Management and Staffing of the Regulatory Body for Safety [1818]. Regulatory

requirements should be taken into account as they may limit the scope of a graded approach in the

application of requirements for the regulatory body itself.

THE USE OF A GRADED APPROACH IN THE AUTHORIZATION PROCESS

3.8. The authorization process is often performed in steps for the various stages of the lifetime of a

research reactor, as described in paras 3.4 and 3.5 of SSR-3 [1]. For a research reactor, these stages

include:

(a) Site evaluation;

(b) Design;

(c) Construction;

(d) Commissioning;

(e) Operation, including utilization and modification;

(f) Decommissioning;

(g) Release from regulatory control.

3.9. At each of these stages, regulatory reviews and assessments are usually made and authorizations

or approvals are issued. In some cases, some of these stages may be combined, depending on the nature

of the facility and relevant laws and regulations.

3.10. The authorization process should be used by the regulatory body to exercise control during all

stages of the lifetime of the research reactor. This control is accomplished by means of the following:

(a) Defining clear lines of authority for authorizations to proceed;

(b) Reviewing and assessing all safety relevant documents, particularly the safety analysis report;

(c) Issuing of licences;

13

(d) Implementing hold points for inspections, review and assessment;

(e) Reviewing, assessing, and approving operational limits and conditions;

(f) Authorizing construction;

(g) Authorizing commissioning;

(h) Authorizing operation;

(i) Authorization of operating personnel;

(j) Authorizing decommissioning.

3.11. The steps in the authorization process apply to all research reactors, including experiments and

modifications (see DS510B [11]), at all stages of the reactor lifetime. However, at each step in the

authorization process, a graded approach may be used in the application of the safety requirements by

the regulatory body, depending on the potential hazard of the facility. For example, the level of detail

required in the application for an authorization, the depth of review and human resource needed by the

regulatory body when considering an application for authorization, and the duration of an authorization

when it is issued, should be commensurate with the potential hazard from the facility being authorized.

Safety analysis report

3.12. The requirements for the safety analysis report, which is used in the review and assessment of

facilities and activities and in the authorization of research reactors, are established in Requirement 1 of

SSR-3 [1]. The responsibilities of the regulatory body include the review and assessment of safety

related information from the safety analysis report. A graded approach may be used in the application

of these requirements. The level of detail in documentation related to the safety of the facility, including

the safety analysis report, should be based on the potential hazard from the facility, and on the stage in

the lifetime of the facility.

3.13. A graded approach should be used in the preparation a safety analysis report, for example, the

level of detail necessary to demonstrate that acceptance criteria are met should be commensurate with

the potential hazard of the research reactor. For research reactors with a higher potential hazard, typically

more detailed analysis is necessary to demonstrate safety in all operating and accident conditions, with

less use of large bounding analyses. For a facility with a low potential hazard, the safety analysis may

include bounding analyses, due to large safety margins in the design, to demonstrate that the research

reactor can be operated safely.

3.14. The use of probabilistic safety assessment to supplement deterministic safety analysis as

appropriate, is another element of the safety analysis report that could vary in scope based on the

potential hazard of the facility (see Requirement 41 in SSR-3 [1]). The Appendix in DS510A [10]

provides recommendations on safety assessment and the safety analysis report for research reactors,

14

including the application of a graded approach commensurate with the magnitude of the potential

hazards.

THE USE OF A GRADED APPROACH IN INSPECTION AND ENFORCEMENT

Requirements for inspection and enforcement are established in paras 3.13–3.16 of SSR-3 [1]. For

inspections, GSR Part 1 (Rev. 1) [15] INTERNATIONAL ATOMIC ENERGY AGENCY,

Application of the Management System for Facilities and Activities, IAEA Safety Standards

Series No. GS-G-3.1, IAEA, Vienna (2006).

3.15. [16] states:

“The regulatory body shall develop and implement a programme of inspection of facilities and

activities, to confirm compliance with regulatory requirements and with any conditions specified

in the authorization. In this programme, it shall specify the types of regulatory inspection

(including scheduled inspections and unannounced inspections) and shall stipulate the frequency

of inspections and the areas and programmes to be inspected, in accordance with a graded

approach.”

In general, there should be fewer inspections and hold points for a research reactor with a low potential

hazard, compared to those for a research reactor with a higher potential hazard.

3.16. Enforcement actions should be commensurate with the consequences of non-compliance.

Regulatory bodies should allocate resources and apply enforcement actions or methods in a manner

commensurate with the seriousness of the non-compliance, increasing them as necessary to bring about

compliance with requirements.

3.17. Some of the factors that should be considered in determining the appropriate level of enforcement

actions are as follows:

(a) The safety significance of the non-compliance or of the violation;

(b) Whether the non-compliance or violation is repeated;

(c) Whether there has been an intentional violation;

(d) Whether or not the authorized party identified and/or reported the non-compliance or the

violation;

(e) Whether the non-compliance or violation impacted the ability of the regulatory body to perform

its regulatory oversight function;

(f) The past safety performance of the authorized party and the performance trend;

(g) The need for consistency and openness in the treatment of authorized parties.

15

3.18. Enforcement actions in response to an intentional violation of a regulatory requirement should be

commensurately serious.

4. USE OF A GRADED APPROACH IN THE MANAGEMENT AND

VERIFICATION OF SAFETY OF RESEARCH REACTORS

Requirements for the management system for organizations operating nuclear installations,

including research reactors, are established in GSR Part 2 [13] INTERNATIONAL ATOMIC

ENERGY AGENCY, Establishing the Safety Infrastructure for a Nuclear Power Programme,

IAEA Safety Standards Series No. SSG-16 (Rev. 1), IAEA, Vienna (2020).

4.1. [1414], including the requirement for the management system to be developed and applied using

a graded approach. Additional requirements specific to research reactors are established in Requirements

2–6 of SSR-3 [1].

RESPONSIBILITIES IN THE MANAGEMENT FOR SAFETY

4.2. Requirements for responsibilities in the management for safety for research reactors are

established in Requirement 2 of SSR-3 [1]. Paragraph 4.1 of SSR-3 [1] states:

“In order to ensure rigour and thoroughness at all levels of the staff in the achievement and

maintenance of safety, the operating organization:

(a) Shall establish and implement safety policies and shall ensure that safety matters are given

the highest priority;

(b) Shall clearly define responsibilities and accountabilities with corresponding lines of

authority and communication;

(c) Shall ensure that it has sufficient staff with appropriate qualifications and training at all

levels;

(d) Shall develop and strictly adhere to sound procedures for all activities that may affect

safety, ensuring that managers and supervisors promote and support good safety practices,

while correcting poor safety practices;

(e) Shall review, monitor and audit all safety related matters on a regular basis, and shall take

appropriate corrective actions where necessary;

(f) Shall develop and sustain a strong safety culture, and shall prepare a statement of safety

policy and safety objectives, which is disseminated to and understood by all staff.”

16

There are elements of this requirement which cannot be applied using a graded approach, for example,

for the operating organization to have prime responsibility for the safety of the research reactor, and the

requirement to develop and sustain a strong culture for safety.

4.3. The management of a research reactor should vary depending on the potential hazard of the

facility, its complexity and size. For example, in a research reactor with a high potential hazard, the

requirement for sufficient staff could result in a large operating organization, to enable continuous

operation day and night, and provide maintenance and technical support. In a facility with a low potential

hazard, such as some subcritical assemblies, the requirement for sufficient staff could result in a small

operating organization, with the necessary training to operate, maintain, and ensure the safety of the

research reactor. The organization structure for the operating organization, and the definition of

minimum staff required in the facility during operation, should account for the operational response to

anticipated operational occurrences and the emergency preparedness and response arrangements

required for all accident conditions.

SAFETY POLICY

4.4. Requirement 3 of SSR-3 [1] states that “The operating organization for a research reactor

facility shall establish and implement safety policies that give safety the highest priority.”

4.5. The requirement to establish and implement a safety policy cannot be applied using a graded

approach. The safety policy is a central component of an integrated management system, to ensure that

any activities across the operating organization place safety as the highest priority.

THE USE OF A GRADED APPROACH IN THE APPLICATION OF THE

REQUIREMENTS FOR THE MANAGEMENT SYSTEM

4.6. Requirements for the management system for a research reactor facility are established in

Requirement 4 of SSR-3 [1]. Paragraph 4.7 of SSR-3 [1] states that “The level of detail of the

management system that is required for a particular research reactor or experiment shall be governed by

the potential hazard of the reactor and the experiment”.

4.7. In general, management system processes should be most stringent for items, services or

processes where a failure or a non-conformance has the highest potential hazard. For other items,

services or processes, the management system processes may be less stringent. The following are

examples of elements of the management system where this requirement can be applied using a graded

approach:

(a) Type and content of training;

17

(b) Level of detail and degree of review and approval of operating procedures;

(c) Need for and detail of inspection plans;

(d) Scope, depth and frequency of operational safety reviews and controls including internal and

independent audits;

(e) Type and frequency of safety assessments;

(f) Records to be generated and retained;

(g) Reporting level and authorities of non-conformances and corrective actions;

(h) Maintenance, periodic testing and inspection activities;

(i) Equipment to be included in plant configuration control;

(j) Control applied to the storage and records of spare parts;

(k) Need to analyse events and equipment failure data.

4.8. Procedures for a research reactor with a high potential hazard should be subject to a level of

review and approval commensurate with their safety significance. A procedure for a simple maintenance

task on a component in a non-active system with low safety significance could be written by an

experienced member of the engineering personnel and reviewed by a maintenance supervisor. A

procedure for use in the control room to start up the reactor should be subject to more rigour in the level

of detail and extent of review. For a research reactor with a low potential hazard, the expertise necessary

to write and review new procedures may not always exist within the operating organization and could

involve experts from the reactor designer or another external organization with appropriate knowledge.

The level of review for procedures should also be commensurate with their safety significance.

4.9. The approval of procedures is the responsibility of the reactor manager (see para 5.16 DS509D

[5]). In every research reactor, regardless of potential hazard, every procedure in the management system

should be periodically reviewed by the reactor manager or a designate, to enable improvements to be

identified.

4.10. Paras 2.37–2.44 of GS-G-3.1 [115] also provide recommendations on a graded approach to the

application of requirements for management system controls.

4.11. The requirement for the assessment and improvement of the integrated management system can

be applied using a graded approach to identify and correct weaknesses commensurate with their safety

significance, and with the potential hazard of the facility. For example, for a research reactor with a high

potential hazard, the operating organization could be large, and the management system could include

a large number of procedures to ensure operation, utilization and maintenance activities are conducted

safely. An operating experience programme could be implemented by a small group of personnel within

the operating organization to identify weaknesses and improvements in the management system on a

18

weekly basis, for management to prioritize based on their safety significance. In parallel, the

management system could be the subject of frequent external assessment, to identify where systemic

improvements can be made. For a research reactor with a low potential hazard, the management system

could consist of relatively few processes and procedures, the operating experience programme could be

implemented by the operations personnel to identify improvements to the management system, and an

audit of the management system could occur as part of the renewal of the authorization from the

regulatory body.

THE USE OF A GRADED APPROACH IN THE APPLICATION OF THE

REQUIREMENT FOR VERIFICATION OF SAFETY

Safety assessment

4.12. Requirements for safety assessment are established in Requirement 5 of SSR-3 [1]. This

requirement can be applied using a graded approach, for example by considering the potential hazard of

the research reactor when determining the frequency and scope of safety assessments throughout the

lifetime of the facility such as self-assessments and peer reviews. For example, the frequency and scope

of safety assessments, self-assessments and peer reviews, should be commensurate with the potential

hazard of the facility, recent operating experience, the potential hazard of modifications (see para 7.70),

or the results from previous periodic safety reviews.

4.13. The requirement to verify the adequacy of the design using safety assessment techniques can be

applied using a graded approach based on the potential hazard of the facility and the number of SSCs

important to safety, as discussed in para 3.13. Recommendations on the use of a graded approach in

safety analysis of the design are provided in paras 6.85–6.91 of this Safety Guide.

Safety committee

4.14. Requirements for the safety committee are established in Requirement 6 of SSR-3 [1]. One

element of this requirement that cannot be applied using a graded approach, is the establishment of a

safety committee. The safety committee is required to be independent from the reactor manager, to

advise the operating organization on relevant aspects of the safety of the reactor and the safety of its

utilization, and on the safety assessment of design, commissioning and relevant operational issues and

modifications. A minimum list of items that the safety committee is required to review is provided in

SSR-3 [1] (see also para 7.9 of this Safety Guide).

4.15. Aspects of this requirement which can be applied using a graded approach include, the number,

size, and frequency of committee meetings; and the membership composition of the committee.

19

4.16. In a research reactor with a high potential hazard, the safety committee could have a busy schedule

of work, requiring frequent meetings reviewing proposed experiments of safety significance, safety

documentation, reports on doses to personnel and reports to the regulatory body. In such a research

reactor, the safety committee may designate subcommittees with specific expertise to provide advice or

recommendations on specific technical areas such as criticality safety or radiation protection, to reduce

the workload on other safety committee members. The composition of the safety committee and its

subcommittees typically includes a wide range of expertise on all technical areas of operation. The

operating organization for such a facility typically can staff the safety committee from internal

personnel. In a research reactor with a low potential hazard, the safety committee could be convened

less frequently to review the status of safety and to provide advice to the reactor manager, with additional

meetings arranged only as necessary. The operating organization for such a research reactor is typically

smaller in size, and the safety committee could be staffed with a number of external personnel with

experience from other facilities and in the appropriate technical areas.

5. THE USE OF A GRADED APPROACH IN SITE EVALUATION FOR

RESEARCH REACTORS

5.1. The requirements for site evaluation for research reactors are established in IAEA Safety

Standards Series No SSR-1, Site Evaluation for Nuclear Installations [15]. Recommendations for the

application of those requirements for research reactors, using a graded approach, are provided in Section

6 of IAEA Safety Standards Series No. SSG-35, Site Survey and Site Selection for Nuclear Installations,

[16].

5.2. Requirement 3 of SSR-1 [15] discusses a graded approach to the application of requirements for

site selection specifically for facilities other than nuclear power plants. Paragraph 5.1 of SSR-3 [1] states

that “The main safety objective in evaluating the site for a research reactor is the protection of the public

and the environment against the radiological consequences of normal and accidental releases of

radioactive material”. Accordingly, it is necessary to assess those characteristics of the site that may

affect the safety of the research reactor, to determine whether there are deficiencies in the site and if

they can be mitigated by appropriate design features, site protection measures and administrative

procedures. For a graded approach to the application of site evaluation requirements, the scope and depth

of site evaluation studies and evaluations should be commensurate with the potential radiation risk

associated with the facility. The scope and detail of the site evaluation may also be reduced if the

20

operating organization proposes to adopt conservative parameters for design purposes that reduce the

potential for on-site and off-site consequences in the event of an accident, which may be a preferred

approach for research reactors. For example, a conservative assumption for the design of a particular

SSC that is readily accommodated in the overall design may permit simplification of the site evaluation.

5.3. Paragraphs 4.1–4.5 of SSR-1 [15] develop the basis for applying a graded approach to the various

site related evaluations and decisions, commensurate with the radiological hazard of the research reactor.

The main factors to be considered in site evaluation are the following:

(a) The amount, type and status of the radioactive inventory at the site (e.g. whether the radioactive

material on the site is in solid, liquid and/or gaseous form, and whether the radioactive material

is being processed in the nuclear installation or is being stored on the site);

(b) The intrinsic hazards associated with the physical and chemical processes that take place at the

research reactor;

(c) The thermal power;

(d) The distribution and location of radioactive sources in the nuclear installation;

(e) The configuration and layout of installations designed for experiments, and how these might

change in future;

(f) The need for active systems and/or operator actions for the prevention of accidents and for the

mitigation of the consequences of accidents;

(g) The potential for on-site and off-site consequences in the event of an accident.

5.4. The requirements for site evaluation should applied use a graded approach, provided that there is

an adequate level of conservatism in the design and siting criteria, to compensate for a simplified site

hazard analysis and simplified analysis methods.

5.5. Section 10 of IAEA Safety Standards Series No. SSG-9 (Rev. 1), Seismic Hazards in Site

Evaluation for Nuclear Installations [17] provides recommendations on a graded approach to the

application of safety requirements for seismic hazard evaluation for nuclear installations other than

nuclear power plants. The approach can be based upon the complexity of the installation and the

potential radiological hazards, including hazards due to other materials. A seismic hazard assessment

should initially apply a conservative screening process in which it is assumed that the entire radioactive

inventory of the installation is released by an accident initiated by a seismic event. If such a release

would not lead to unacceptable consequences for workers, the public or the environment, the installation

may be screened out from further seismic hazard assessment. If the results of the conservative screening

process show that the potential consequences of such a release could be significant, a seismic hazard

evaluation should be performed.

21

5.6. Section 7 of IAEA Safety Standards Series No. SSG-21, Volcanic Hazards in Site Evaluation for

Nuclear Installations [18] provides recommendations similar to those in SSG-9 (Rev. 1) [17] for a graded

approach to the application of Requirement 17 from SSR-1 [15] with respect to volcanic hazards in site

evaluation. A volcanic hazard assessment should initially apply a conservative screening process in

which it is assumed that the entire radioactive inventory of the installation is released by an accident

initiated by a volcanic event. If such a release would not lead to unacceptable consequences for workers,

the public or the environment, the installation may be screened out from further volcanic hazard

assessment. If the results of the conservative screening process show that the potential consequences of

such a release could be significant, a more detailed volcanic hazard assessment should be performed,

and a graded approach outlined in SSG-21 [18] should then be used to categorize the installation for the

purposes of volcanic hazard assessment.

5.7. Recommendations on a graded approach to the application of Requirements 18, 19 and 20 of

SSR-1 [15] on meteorological and hydrological hazards in site evaluation are provided in IAEA Safety

Standards Series No. SSG-18, Meteorological and Hydrological Hazards in Site Evaluation for Nuclear

Installations [19]. For the purpose of the evaluation of meteorological and hydrological hazards,

including flooding, the installation should be screened on the basis of its complexity, the potential

radiological hazards, and hazards due to other materials. If the results of a conservative screening

process, similar to that described in SSG-9 (Rev. 1) [17] and SSG-21 [18], show that the consequences

of a potential release could be significant, a detailed meteorological and hydrological hazard assessment

for the installations should be carried out, in accordance with the graded approach outlined in Section

10 of SSG-18 [19].

5.8. Human induced events cannot be included in site evaluation using the same approach as other

external events. Because human induced events are discrete and are not characterised by a range of

frequency and severity, only one intensity level for each event is expected for consideration in the design

basis. Recommendations on site survey and site selection, including the screening and analysis of human

induced events, are provided in SSG-35 [20]. While the events themselves are discrete, the siting process

for nuclear installations other than nuclear power plants can be applied using a graded approach, based

on the potential hazard of the facility (see Section 6 of SSG-35 [20])

22

6. THE USE OF A GRADED APPROACH IN THE DESIGN OF

RESEARCH REACTORS

6.1. Section 6 of SSR-3 [1] establishes requirements for design under three categories:

(a) Principal technical requirements: Paragraphs 6.2–6.18 of this Safety Guide provide

recommendations on the use of a graded approach in the application of Requirements 7–15 of

SSR-3 [1].

(b) General requirements for design: Paragraphs 6.19–6.91 of this Safety Guide provide

recommendations on the use of a graded approach in the application of Requirements 16–41 of

SSR-3 [1].

(c) Specific requirements for design: Paragraphs 6.92–6.150 of this Safety Guide provide

recommendations on the use of a graded approach in the application of Requirements 42–66 of

SSR-3 [1].

THE USE OF A GRADED APPROACH IN PRINCIPAL TECHNICAL REQUIREMENTS

Main safety functions

6.2. Requirement 7 of SSR-3 [1] states:

“The design for a research reactor facility shall ensure the fulfilment of the following main

safety functions for the research reactor for all states of the facility: (i) control of reactivity;

(ii) removal of heat from the reactor and from the fuel storage; and (iii) confinement of the

radioactive material, shielding against radiation and control of planned radioactive releases,

as well as limitation of accidental radioactive releases.”

The use of a graded approach should result in design features which fully meet this requirement and are

appropriate for the potential hazard from the research reactor. The control of planned radioactive

discharges during normal operation is an element of this requirement that cannot be applied using a

graded approach. The control of radioactive discharges is necessary to protect the public and the

environment and ensure that facility operation meets applicable national environmental regulations.

6.3. A graded approach can be used in the application of some elements of the requirement for the

main safety functions, as follows:

(a) Control of reactivity:

23

(i) The capability to shut down the reactor when necessary is a requirement for all research

reactors, although the size of the subcriticality margin available and the speed of response

of the shutdown system may vary according to the reactor design.

(b) Removal of heat from the reactor and from the fuel storage:

(i) For some research reactors (typically with a medium or high potential hazard and higher

power) a forced convection cooling system to remove fission heat, could be necessary to

meet the acceptance criteria for the design, in all operating conditions and accident

conditions, whereas for research reactors with less demanding cooling needs, such as some

critical and subcritical assemblies, fission heat could be generated at sufficiently low levels

that it could be adequately removed without the need for an engineered system.

(ii) Similarly, for the removal of decay heat following shutdown, the design of the cooling

system can use a graded approach based on factors such as the power of the reactor, the

maximum level of fission products and the heat transfer characteristics of the fuel. For a

research reactor with less demanding cooling needs, where no heat removal system is

necessary during operation, no dedicated equipment is necessary for decay heat removal.

(iii) The scope and necessity of cooling systems, including emergency core cooling systems to

replace the inventory of reactor coolant in the event of a loss of coolant accident, is verified

through the safety analysis for the research reactor, which is required to demonstrate that

for all operational states and accident conditions, the main safety function of heat removal

is fulfilled.

(c) Confinement of radioactive material, shielding against radiation and control of planned

radioactive releases:

(i) The design of SSCs to perform barrier or retention functions to confine radioactive material

in operational states and accident conditions can use a graded approach. The approach can

be based on the potential hazard of the facility, the inventory of fission products, the

characteristics of the fuel, and the results of the safety analysis for the research reactor.

(See also the description of the fourth level of defence in depth in para. 6.7).

(ii) The design of shielding for protection from radiation should be based on the magnitude of

the radiation hazard which can be calculated for each location in the research reactor where

actions by operating personnel are necessary in operational states and in accident

conditions. The appropriate material and thickness of shielding that is commensurate with

the hazard can then be included in the design.

24

(iii) The requirement for the control of planned radioactive discharges cannot be applied using

a graded approach.

Radiation protection

6.4. Requirements for radiation protection in the design of research reactors are established in

Requirement 8 of SSR-3 [1]. The requirement for the design to ensure that doses to reactor personnel

and the public are kept as low as reasonably achievable should be applied using a graded approach

considering the potential hazard of the research reactor, and its characteristics such as the inventory of

fission products and the proximity to a population centre. Specific design provisions, or SSCs included

in the design to protect reactor personnel and the public from radiation, e.g. an emergency filtration

system, could be larger and more complex for a research reactor with a high potential hazard.

Design

6.5. Requirements for the design of a research reactor are established in Requirement 9 of SSR-3 [1].

The use of a graded approach in the application of this requirement should be based on the potential

hazard of the facility and the factors in para. 2.9.

6.6. The requirement that adequate information on the design is available for operation, future

modifications, and decommissioning can be applied using a graded approach based on the potential

hazard of the research reactor, the number of SSCs important to safety and the number of SSCs in the

facility with associated radiation hazards. The quantity of information that would be adequate to

decommission a research reactor with a high potential hazard should be larger in scope than for research

reactors with lower potential hazard, e.g. some low power reactors, critical and subcritical assemblies.

Application of the concept of defence in depth

6.7. Requirements for the application of the concept of defence in depth are established in

Requirement 10 of SSR-3 [1]. Paragraph 2.12 of SSR-3 [1] describes the five levels of defence in depth

for preventing or controlling deviations in normal operation, preventing accidents and mitigating

radiological consequences of accidents.

6.8. Defence in depth is an important design principle that is required for all research reactors

regardless of potential hazard; However, this requirement should be applied using a graded approach

by recognizing that for low power research reactors, or critical and subcritical assemblies, accidents

which need mitigation by the fourth or fifth level of defence in depth (see para. 2.12 of SSR-3 [1]) may

not be physically possible.

25

6.9. For a facility with a low or medium potential hazard, the first four levels of defence in depth

should be included in the design, however the design capability of the engineered safety features can

use a graded approach, for example the decay heat load could be smaller, and typically a smaller fission

product inventory needs to be confined or mitigated than for a research reactor with a high potential

hazard.

Interfaces of safety with security and the State system of accounting for, and control of, nuclear

material

6.10. Requirement 11 of SSR-3 [1] states:

“Safety measures, nuclear security measures and arrangements for the State system of

accounting for, and control of, nuclear material for a research reactor shall be designed and

implemented in an integrated manner so that they do not compromise one another.”

This requirement is specifically for integration, and consequently it cannot be applied using a graded

approach5. The design of the safety measures themselves are the subject of specific requirements of

SSR-3 [1], and these requirements should be applied using a graded approach commensurate with the

potential hazard of the facility.

Proven engineering practices

6.11. Requirement 13 of SSR-3 [1] states:

“Items important to safety for a research reactor shall be designed in accordance with the

relevant national and international codes and standards.”

This requirement, can be applied using a graded approach, following the detailed requirements in paras

6.19–6.24 of SSR-3 [1], for example, when no appropriate code or standard is available or when there

is a departure from established engineering practice.

6.12. For SSCs for which there are no established codes or standards, SSR-3 [1] allows the use of

related standards or the results of experience, tests or analysis, and requires that such an approach is

justified. A graded approach can be used in the application of this requirement, based on the potential

hazard of the facility, the safety classification of the SSC, and the availability of related codes and

standards, such as those for nuclear power plants or from other industries. Expert judgement is necessary

in using this approach and should be documented as part of the required written justification, and should

be approved in accordance with a process in the management system.

___________________________________________________________________________

5 Additional guidance on this topic is available in IAEA-TECDOC-1801, Management of the Interface between Nuclear

Safety and Security for Research Reactors (2016).

26

6.13. If the design process does not follow established engineering practice, SSR-3 [1] requires that, “a

process shall be established under the management system to ensure that safety is demonstrated”. A

graded approach can be used in the application of this requirement based on the safety classification of

the SSC, its reliability requirements and the consequences of failure established in the safety analysis.

The effort required to develop the new process and its scope and level of detail should be commensurate

with the hazard category of the research reactor and the safety classification of the SSC. In all cases,

SSR-3 [1] requires that the SSC is monitored in service to verify that the research reactor facility operates

as designed.

Provision for construction

6.14. Requirements for the provision for construction in the design of research reactors are established

in Requirement 14 of SSR-3 [1].

6.15. The requirement for items important to safety to perform according to specification cannot be

applied using a graded approach, and the ability of those SSCs to function as designed cannot be

compromised by the manufacturing, construction and installation processes.

Features to facilitate radioactive waste management and decommissioning

6.16. Requirements for features to facilitate radioactive waste management and decommissioning are

established in Requirement 15 of SSR-3 [1] and can be applied using a graded approach.

6.17. The choice of materials used in the design of a research reactor should use engineering judgement

to address the utilization needs of the facility and the hazards in the decommissioning process that result

from long-lived activation products. The effort and scope of design measures to minimize radioactive

waste from decommissioning the research reactor should be commensurate with the potential hazard of

the decommissioning process. For a research reactor with a high potential hazard, the elimination of

materials that produce long-lived activation products may not be feasible, however minimizing them

where possible will reduce the overall potential hazard for the decommissioning process. Planning for

how those materials are managed during the operating lifetime and the decommissioning of the facility

should include radiation protection considerations and could include specific technology or practices to

prevent undue radiation exposure of personnel. For a research reactor with a low potential hazard, such

as a subcritical assembly, the activation of core components could be insufficient to create a significant

hazard from activation products. The level of detail of the characterization of the hazard to be included

in the decommissioning plan, should be commensurate with the magnitude of the hazard, using a graded

approach.

27

6.18. In addition to the original reactor design, this requirement applies to modifications made, and new

experiments undertaken, during its operation. For example, this requirement could be applied using

graded approach to the choice of material used in the design of new experimental equipment based on

the potential hazard introduced for waste management and decommissioning.

THE USE OF A GRADED APPROACH IN GENERAL REQUIREMENTS FOR DESIGN

Safety classification of structures, systems and components

6.19. Requirements for the safety classification of structures, systems and components are established

in Requirement 16 of SSR-3 [1].

6.20. All research reactors regardless of the potential hazard are required to classify the SSCs important

to safety. The method for determining the safety significance of SSCs should be based on deterministic

methods, complemented by probabilistic methods and engineering judgement. Research reactors with

higher potential hazard and significant in-core experimental facilities, such as loops, typically require a

greater number of SSCs that are in a higher safety class. The classification of SSCs important to safety

is useful input when using a graded approach in the application of other requirements.

Design basis for items important to safety

6.21. Requirements for the design basis for items important to safety are established in Requirement 17

of SSR-3 [1]. The requirement to justify and document the design basis for each item important to safety

can be applied using a graded approach based on the potential hazard of the facility and the level of

detail for each SSC necessary to enable the operating organization to operate the research reactor safely.

6.22. Although it is not possible to apply the requirements in para 6.34 of SSR-3 [1] using a graded

approach, the design basis for items important to safety in a research reactor or a critical or subcritical

assembly with a low potential hazard, is typically less complex, and requires less analysis to demonstrate

that its performance meets acceptance criteria, due to the low potential hazard of the facility. The

classification of SSCs, based on their importance to safety, should be utilized to establish the design

requirements for withstanding accident conditions without exceeding authorized limits.

Postulated initiating events

6.23. Requirements for identifying postulated initiating events are established in Requirement 18 of

SSR-3 [1].

6.24. The requirement to identify the postulated initiating events cannot be applied using a graded

approach. A comprehensive set of postulated initiating events is required for the safety analysis of a

28

research reactor regardless of potential hazard, and can be identified using current safety standards and

operational experience, including operational experience from similar facilities.

6.25. The analysis of the set of postulated initiating events should be commensurate with the hazard

and complexity of the research reactor facility. A graded approach can be used in the safety analysis that

follows from the identification of initiating events. The scope and level of detail of the safety analysis

should be commensurate with the characteristics of the design and the potential hazard of the facility

(see paras 6.85-6.91).

Internal hazards and external hazards

6.26. Requirements for identifying and evaluating internal hazards and external hazards are established

in Requirement 19 of SSR-3 [1].

6.27. Identification of internal hazards (e.g. fire, explosion or flooding originating inside the facility)

and external hazards (e.g. seismic activity, tornado or flooding external to the facility), that are

applicable to the facility, should be based on the site characterization, and the design of the reactor. The

application of this requirement cannot use a graded approach. A detailed list of postulated internal and

external hazards is included in Appendix I of SSR-3 [1]. A graded approach can be used in applying the

requirement to evaluate the effect of internal hazards and external hazards using safety analysis, based

on the characteristics of the design and the potential hazard of the facility (see paras 6.85–6.91).

Design basis accidents

6.28. Requirements for identifying and considering design basis accidents are established in

Requirement 20 of SSR-3 [1].

6.29. The requirement to identify a set of design basis accidents based on postulated initiating events

(see para 6.23) cannot be applied using a graded approach. Because the postulated initiating events will

correspond to the degree of complexity and the potential hazard of the facility, the resulting design basis

accidents will also reflect the facility design. For example, a critical or subcritical assembly that does

not require forced cooling flow may not have a design basis accident associated with loss of flow.

Design limits

6.30. Requirements for specifying the design limits are established in Requirement 21 of SSR-3 [1].

6.31. Design limit specifications are required to support design requirements for all relevant parameters

for all operational states and design basis accidents. Design limits are limits on key physical parameters

such as the maximum stress or temperature that items are exposed to, that ensure the integrity of barriers

and the reliability of safety functions. Design limits should also be specified for experimental devices.

29

6.32. One aspect of this requirement that can be applied using a graded approach is the degree of

conservatism included in design limits. The specification of design limits should include conservatism

to ensure that the limits are effective, are not exceeded, and that the facility will withstand design basis

accidents without acceptable limits for radiation protection being exceeded. The degree of conservatism

can be adjusted according to the potential hazard of the facility and the approach taken for safety

analysis. For example, a facility with a low potential hazard could apply conservative design limits and

simplify the safety analysis, whereas a facility with a larger potential hazard could apply less

conservatism, leading to greater effort in a more detailed safety analysis.

Design extension conditions

6.33. Requirements for the derivation and use of design extension conditions are established in

Requirement 22 of SSR-3 [1]. The inclusion of design extension conditions in the safety analysis for a

research reactor can use the overall graded approach for safety analysis as discussed in paras 6.85–6.91.

6.34. The requirement to derive a set of design extension conditions should be applied using a graded

approach based on the potential hazard of the research reactor, engineering judgement and the results of

the safety analysis of design basis accidents. The outcome from the analysis of these design extension

conditions could result in additional design features in combination with an additional set of severe

accident management procedures to the existing emergency plans and procedures. In a research reactor

with a low potential hazard such as a subcritical assembly with few SSCs important to safety, accidental

criticality could be the only event included in the analysis of design extension conditions.

Engineered safety features

6.35. Requirements for engineered safety features are established in Requirement 23 of SSR-3 [1].

6.36. For each design basis accident and selected design extension conditions, the safety analysis for

the facility is required to demonstrate that operational parameters are maintained within the specified

design limits by either passive or engineered safety features. As discussed in para 6.31, the requirements

for design limits may be applied using a graded approach, which would have an effect on the design of

engineered safety features. A research reactor with a high potential hazard including a large cooling

system, could require specific engineered safety features to mitigate internal flooding caused by a leak

of secondary coolant. Such a facility could also require an emergency core cooling system to collect and

recirculate primary coolant inventory in response to a loss of coolant accident. The need for engineered

safety features is identified by the safety analysis of the design. For a research reactor with a low

potential hazard such as a critical assembly where the irradiated fuel can be safely stored in air, the

safety analysis could demonstrate that no engineered safety feature is required to maintain fuel integrity

in response to a loss of coolant accident.

30

Reliability of items important to safety

6.37. Requirements for the reliability of items important to safety are established in Requirement 24 of

SSR-3 [1].

6.38. The reliability of items important to safety requires the application of the principles of

redundancy, diversity, independence and fail-safe design including the application of relevant codes and

standards, for example the level of redundancy or independence in a safety system.

6.39. The use of a graded approach in the application of this requirement should be based on the

potential hazard of the facility, and the characteristics of the facility identified in the safety analysis. The

analysis is required to demonstrate that the safety systems that prevent design limits from being

exceeded (Requirement 20 from SSR-3 [1]) operate with sufficient reliability. Using a graded approach,

the design of a safety system could use triplicate redundant channels to ensure a high reliability. If

greater reliability is needed, the design could include a second system using diverse technology.

6.40. Where automatic or passive performance of a safety function is necessary or an inherent safety

feature is used, a minimum level of reliability of the associated SSC should be established and

maintained. Depending on the type of the research reactor, performance of one or more of the following

safety functions may need to be automatic:

(a) Reactor shutdown;

(b) Initiation of emergency core cooling;

(c) Confinement of radioactive material.

6.41. To ensure the necessary reliability one of the following design principles may be applied:

(a) Single failure criterion;

(b) Design for common cause failures;

(c) Physical separation and independence;

(d) Fail-safe design;

(e) Qualification of items important to safety.

Recommendations on the application of these principles to research reactors in accordance with a graded

approach are provided in paras 6.42–6.51.

Single failure criterion

31

6.42. Requirement 25 of SSR-3 [1] states that “The single failure criterion shall be applied to each

safety group incorporated in the design of the research reactor.”

6.43. The requirement that no single failure prevents SSCs in a safety group from performing a main

safety function, cannot be applied using a graded approach. The groups of equipment delivering any one

of the main safety functions are required to be designed with redundancy, independence and diversity

to ensure high reliability.

Common cause failures

6.44. Requirement 26 of SSR-3 [1] states:

“The design of equipment for a research reactor facility shall take due account of the

potential for common cause failures of items important to safety, to determine how the

concepts of diversity, redundancy, physical separation and functional independence have to

be applied to achieve the necessary reliability.”

Because the objective is to achieve a level of reliability necessary to ensure safe operation, this

requirement can be applied using a graded approach for example, in the design of an emergency

ventilation system. For a research reactor with a high potential hazard, where a design basis accident

combined with the failure of emergency ventilation could result in off-site radiological consequences,

to meet the acceptance criteria for the safety analysis, the design of the emergency ventilation system

could exclude low-probability common cause failures through the use of diversity, redundancy and

physical separation, whereas for a research reactor with a low potential hazard, the acceptance criteria

may be met using a design with simple redundancy of SSCs.

Physical separation and independence of safety systems

6.45. Requirements for the physical separation and independence of safety systems are established in

requirement 27 of SSR-3 [1].

6.46. Physical separation can be incorporated into a design to varying degrees, for example in a research

reactor with a high potential hazard, system cable trains for two independent shutdown systems could

be installed on separate floors of the facility to prevent a fault leading to a fire in one system affecting

the second system. In a facility with a lower potential hazard, cable trains could be located in separate

rooms or separated from each other within the same room and meet the required reliability in the safety

analysis for the system.

Fail-safe design

32

6.47. Requirement 28 of SSR-3 [1] states “The concept of fail-safe design shall be incorporated, as

appropriate, into the design of systems and components important to safety for a research reactor .”

6.48. The requirement for the use of fail-safe design features cannot be applied using a graded approach.

However engineering judgement should be applied, considering the acceptance criteria used in the safety

analysis of the design, to assess the appropriate extent of fail-safe design features in systems and

components important to safety, to ensure that safety functions are sufficiently reliable in response to

initiating events to prevent and mitigate design basis accidents and selected design extension conditions.

Qualification of items important to safety

6.49. Requirements for the qualification of items important to safety are established in Requirement 29

of SSR-3 [1].

6.50. Where the design of a research reactor includes provisions for safety functions to mitigate or

prevent accident conditions, the SSCs performing those functions are required to be qualified for the

appropriate environmental conditions. Maintenance and testing procedures for items important to safety

should be developed recognizing the potential for a test to negatively affect the component being tested

by imposing conditions of temperature, pressure or stress. The level of qualification of SSCs should be

consistent with their safety classification (see para 6.20).

Design for commissioning

6.51. The requirements for the design to facilitate commissioning are established in Requirement 30 of

SSR-3 [1].

6.52. The requirement to include features to facilitate the commissioning process cannot be applied

using a graded approach. However, the requirement specifies the inclusion of such features “as

necessary”. The design basis of the reactor provides information on the tests and measurements that

should be employed in the commissioning process. This information should be used to anticipate

difficulties in carrying out commissioning tests and measurements, and to provide for such testing and

measurement in the design. Additional recommendations on the use of a graded approach in the

application of requirements for commissioning of research reactors, including experimental devices and

modifications are provided in DS509A [2].

Calibration, testing, maintenance, repair, replacement, inspection and monitoring of items

important to safety

6.53. Requirements for the calibration, testing, maintenance, repair, replacement, inspection and

monitoring of items important to safety are established in Requirement 31 of SSR-3 [1]:

33

6.54. Where the performance of maintenance, periodic testing and inspection takes place in controlled

areas, it is required that the activity does not result in undue exposure to radiation of the operating

personnel (paras. 6.88 and 7.44 of SSR-3 [1]). This aspect of the requirement cannot be applied using a

graded approach.

6.55. Aspects of this requirement which can be applied using a graded approach include:

(a) Provision for testing of SSCs during reactor operation;

(b) The storage and use of spare parts.

6.56. The design of a research reactor is required to accommodate the need for maintenance and testing

of components during operation based on the reliability requirements of the SSC and its safety

significance as well as the potential hazard of the facility, consistent with the manufacturer’s

recommendations and operating history. For example, for a research reactor with a high potential hazard,

components in the reactor protection system could require testing more frequently than during shutdown

periods. In such cases the design should incorporate specific features to enable testing of components or

trains within a system without impairing the safety function. In a facility with a lower potential hazard,

the reliable performance of SSCs in the reactor protection system could be adequately demonstrated

with testing performed during periodic shutdowns.

6.57. The storage and use of spare parts for maintenance of items important to safety is an aspect of

this requirement that can be applied using a graded approach, while meeting the requirements of

applicable national codes and standards and regulatory conditions (e.g. admissible repair time) specified

in the authorization and operational limits and conditions. For a research reactor with a high potential

hazard, spare parts for some SSCs important to safety might need to meet the national standards for

nuclear power plants, including requirements for procurement and storage.

6.58. There are two steps in determining the provisions for maintenance, periodic testing and

inspection:

(a) Firstly, the types and frequencies of the required inspections, tests and maintenance operations

should be determined, with account taken of the importance to safety of the SSC and its required

reliability, and all of the effects that may cause progressive deterioration of the SSC.

(b) Secondly, the provisions to be included in the design to facilitate the performance of these

inspections, tests and maintenance operations should be specified, with account taken of the

frequency, the radiation protection implications and the complexity of the inspection, test or

maintenance operation. These provisions include accessibility, radiation shielding, remote

handling and in situ inspection, self-testing circuits in electrical and electronic systems, and

software, and provisions for easy decontamination and for non-destructive testing.

34

Design for emergency preparedness and response

6.59. Requirement 32 of SSR-3 [1] states:

“For emergency preparedness and response purposes, the design for a research reactor

facility shall provide:

(a) A sufficient number of escape routes, clearly and durably marked, with reliable

emergency lighting, ventilation and other services essential to the safe use of these

escape routes;

(b) Effective means of communication throughout the facility for use following all

postulated initiating events and in accident conditions.”

6.60. The requirement for escape routes to meet national requirements for emergency preparedness

cannot be applied using a graded approach. A graded approach can, however, be